On Fri, May 3, 2019 at 9:39 AM Emond Papegaaij <emond.papega...@gmail.com> wrote:
> [...] we are investigating 'OAuth 2.0 > Token Exchange'. [...] However, I noticed that > draft 16 has expired on April 22, 2019. Is this specification still active? > Yeah, it is. A nontrivial amount of stuff came up in IESG balloting on the document https://datatracker.ietf.org/doc/draft-ietf-oauth-token-exchange/ballot/ and I have not been able to find the time to make all the necessary changes. Also, resulting from that IESG balloting there was the need to request early IANA registrations of some things, which is a whole ordeal unto itself with timelines I cannot seem to affect much even when I have the time to try. So it's active but just hung up for a moment at the moment. > > To summarize, I have to following questions: > - Is the 'OAuth 2.0 Token Exchange' specification still active? > Yes with the caveats mentioned above. I will say that although there's a lot of work required for the document, none of it is likely to result in functional changes so I don't anticipate anything breaking at this point. - Can 'audience' be added to 'Resource Indicators for OAuth 2.0'? > No, that's beyond it's current scope. And it is well past last call in the WG. But note that a logical identifier can be used as the value of the resource parameter. - Can 'OAuth 2.0 Token Exchange' be updated to build on 'Resource > Indicators > for OAuth 2.0' rather than redefining the same parameters? > Not really as a matter of timing and process. But the resource parameter will ultimately be consistent across the two. -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
